-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Bwahahaha, thanks Marc, nicely put.
If people on here could please get their facts correct before posting
FD's on here it would save everyone a load of time. C'mon people we're
all here for one reason or another, and if it's to annoy people, do it
somewhere else, this really isn't the place.
Most of us on here are serious about what we do, whatever that may be
;-)
It's a great list, let's keep it that way, and while we're at it, can
we put this thread to sleep now, it's gone on long enough.
xyberpix
On 30 Dec 2004, at 01:33, Marc Maiffret wrote:
Hi Lance Gusto,
It is really interesting that someone with such a disdain for my
company
would go out of their way to spam out an email about a supposed
backdoor
within our products, choose not to contact us ahead of time, and then
provide no real details to prove your claim... Ahhh but wait, you chose
not to provide any details because you're a "good guy". As you said:
"Unfortunately, we can't release the "exploits" publicly due to the
severity of these flaws." Right.
The reason you could not provide any real details about these backdoors
are because there are no backdoors in Iris nor SecureIIS.
While I would not wish to give someone like you the time of day nor 15
minutes of infamy, eEye does take every security claim very seriously.
We have performed an audit of SecureIIS and Iris code to re-verify what
we already knew, that there are no backdoors in either of them.
It is quite possible that you downloaded fake warez versions of our
products from peer-to-peer networks which someone might have put there
to trick people and put backdoors on their systems. However, if such
warez product versions existed they would not be from eEye as we do not
distribute our software on peer-to-peer networks nor recommend people
downloading warez versions from there. Get your warez from a trusted
distributor. ;-) If you would have contacted us we could have saved you
the embarrassment... But then you are sending emails from Hotmail
through a proxy at a university in Germany so I seriously doubt you
care
if your persona "Lance Gusto" gets embarrassed on public mailing lists.
These backdoors are as much of a reality as Santa Claus but then you
seem to be childish enough that you probably still believe in the jolly
red man. Maybe next you can follow-up your humors eMail with a spoofed
advisory about a backdoor you found in Rudolph "the red nosed
reindeer".
At least then you could promote yourself from being a coward to a
comedian.
Thank you, please drive through.
Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Blink - End-Point Vulnerability Prevention
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities
Important Notice: This email is confidential, may be legally
privileged,
and is for the intended recipient only. Access, disclosure, copying,
distribution, or reliance on any of it by anyone else is prohibited and
may be a criminal offense. Please delete if obtained in error and
email
confirmation to the sender. P.S. I'm going to tell you this for your
own
benefit, your email was dope as hell especially since you faked 90
percent of it. What you need to do is practice on your freestyle before
you come up missing like triple m's police file.
For Security And Open Source News And Info Visit:
http://www.xyberpix.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
iD8DBQFB4e4icRMkOnlkwMERAiiEAJsF/svsADIHRj6yAvh9eV09qQ9DjQCeIGoO
mQfY4KClb9V75BsdTWvKcdk=
=mUTu
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
